----- "Oliver Hansen" <[email protected]> wrote:
> On 3/30/2010 3:25 PM, Oliver Hansen wrote:
> > I tried posting this specifically before and didn't have any luck (
> > http://www.mail-archive.com/[email protected]/msg19099.html ) but
> > now that I have contacted Microsoft I have a few more details to ask
> > the questions with. Here is the basic scenario:
> >
> > - On the server, TCP session timeouts have been lowered to 5 minutes
> >   (through a reg edit that MS support had me make)
> > - The client application has been shut down and netstat shows no
> >   connections open to the server
> > - The server still shows many (up to 30) connections to the client
> >   long after the 5 minute timeout window
> > - The pfSense (1.2.3-RC3) GUI Diagnostics -> States table shows
> >   sessions between the client and server as ESTABLISHED:ESTABLISHED
> > - The client and server are in two different subnets connected by an
> >   IPSec VPN
> >
> > Now, is there anything in pfSense that would keep a session open even
> > after the client has closed it and the server's TCP timeout window has
> > passed? The way MS Support was explaining it to me, they said the
> > server would send out a message to see if the client was still around
> > and it would only be keeping the session open if something was
> > responding on the client's behalf. She said to look for any setting on
> > the router such as "tcp keep alive" or "idle keep alive" but the only
> > thing I see is under VPN settings for the Keep Alive IP to ping which
> > I thought was only to keep the tunnel up by pinging a host on the
> > remote subnet.
> >
> > Thanks for any help!
> >
> Is there anyone who can give me some advice on what to check? I'd be
> perfectly happy to show MS that the routers are not causing the problem
> but I'm not sure how to do that. If a state exists on the router between
> two computers and the state is not shown on either of the two computers,
> what should I be looking for in a packet capture?
>

The state has timed out or has been closed on the endpoints, *NOT* on the 
router/firewall, which will keep these states until the state table timeout has 
been reached. If no data has passed on this state in the allotted time, the 
state will expire and be removed. If you want this to happen quicker, look at 
the "Firewall Optimization Options" under System --> Advanced. I don't have a 
system running pfSense newer than 1.2.2 currently available to check, but you 
might even be able to specify the timeout value manually in later versions.

HTH.

--Tim
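An added example, not from this thread and not pfSense's own code, of how to check Tim's point from the pfSense shell: pf keeps a TCP state until its own `tcp.established` timeout (24 hours by default, shorter under the aggressive optimization setting) runs out, regardless of what the endpoints think. The script below parses `pfctl -vvss` output and lists ESTABLISHED:ESTABLISHED TCP states older than a threshold. The sample output embedded in it is constructed to mimic the FreeBSD pf format (addresses, counters and rule numbers are made up); the threshold value and function name are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the thread or from pfSense itself): list TCP states
# in pf's state table that are still ESTABLISHED:ESTABLISHED but older than a
# threshold, i.e. states the firewall is holding on to after the endpoints
# may already have given up on them.
#
# On the pfSense box itself you would feed it live output:
#     pfctl -vvss | find_stale_states 300
#
# SAMPLE is constructed to mimic "pfctl -vvss" output (FreeBSD pf as shipped
# with pfSense 1.2.x); the addresses and counters are made up for this example.
SAMPLE='all tcp 10.0.1.5:445 <- 10.0.2.10:51234       ESTABLISHED:ESTABLISHED
   [1234567 + 65535] wscale 8  [7654321 + 65535] wscale 8
   age 01:23:45, expires in 22:36:15, 10:8 pkts, 1200:900 bytes, rule 42
   id: 0000000000000001 creatorid: 00000001
all tcp 10.0.1.5:445 <- 10.0.2.11:51300       ESTABLISHED:ESTABLISHED
   [2345678 + 65535] wscale 8  [8765432 + 65535] wscale 8
   age 00:00:42, expires in 23:59:18, 3:2 pkts, 216:180 bytes, rule 42
   id: 0000000000000002 creatorid: 00000001
all udp 10.0.1.5:53 <- 10.0.2.10:40000       MULTIPLE:SINGLE
   age 00:10:00, expires in 00:00:50, 5:5 pkts, 300:800 bytes, rule 7
   id: 0000000000000003 creatorid: 00000001'

# find_stale_states SECONDS  (reads pfctl -vvss output on stdin)
# Prints "<src> <dir> <dst> <age-in-seconds>" for every TCP state that is
# ESTABLISHED:ESTABLISHED and older than SECONDS. Other protocols and
# half-open/closing TCP states are skipped.
find_stale_states() {
    awk -v limit="$1" '
        # State header line: "<if> <proto> <endpoints...> <state>". Remember
        # the endpoints only when it is a fully established TCP state.
        /^[a-z0-9]+ / {
            conn = ""
            if ($2 == "tcp" && $NF == "ESTABLISHED:ESTABLISHED") {
                for (i = 3; i < NF; i++)
                    conn = conn (i > 3 ? " " : "") $i
            }
            next
        }
        # Detail line: "age HH:MM:SS, expires in HH:MM:SS, ...".
        /^ *age / && conn != "" {
            sub(/,$/, "", $2)
            split($2, t, ":")
            age = t[1] * 3600 + t[2] * 60 + t[3]
            if (age > limit)
                print conn, age
            conn = ""
        }
    '
}

# Stand-alone run: anything older than 5 minutes (300 s) in the sample.
printf '%s\n' "$SAMPLE" | find_stale_states 300
```

Two things worth keeping in mind when reading the output. "age" is time since the state was created, while "expires in" counts down from the last packet seen, so a state that shows a large age but a nearly full "expires in" is still carrying traffic and is not stale. And a state that pf is still holding lets packets matching that 5-tuple through without re-evaluating the ruleset until it expires, which is the practical reason to shorten the timeout (via the optimization setting Tim mentions, or `set timeout tcp.established` in pf.conf terms) rather than leave the 24-hour default when the endpoints themselves give up after 5 minutes.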

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Commercial support available - https://portal.pfsense.org
